Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/ogw06bC9fSA5JtwbxjqBTwB8S7M.roa
File:                     ogw06bC9fSA5JtwbxjqBTwB8S7M.roa (raw, json)
Hash identifier:          vrhz7RBPhJfh55j3s/uctrpkU981dgPSyM1irPhVjqk=
Subject key identifier:   A2:0C:34:E9:B0:BD:7D:20:39:26:DC:1B:C6:3A:81:4F:00:7C:4B:B3
Certificate issuer:       /CN=61b7202c9230c289450ed5a62b17369a0659bc6b
Certificate serial:       018E7AF698D089DCC102195DB65DA96A521E
Authority key identifier: 61:B7:20:2C:92:30:C2:89:45:0E:D5:A6:2B:17:36:9A:06:59:BC:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbcgLJIwwolFDtWmKxc2mgZZvGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/ogw06bC9fSA5JtwbxjqBTwB8S7M.roa
Signing time:             Tue 26 Mar 2024 13:32:45 +0000
ROA not before:           Tue 26 Mar 2024 13:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59790
IP address blocks:        45.141.252.0/22 maxlen: 22
                          185.104.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/YbcgLJIwwolFDtWmKxc2mgZZvGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/YbcgLJIwwolFDtWmKxc2mgZZvGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbcgLJIwwolFDtWmKxc2mgZZvGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7a:f6:98:d0:89:dc:c1:02:19:5d:b6:5d:a9:6a:52:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b7202c9230c289450ed5a62b17369a0659bc6b
        Validity
            Not Before: Mar 26 13:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a20c34e9b0bd7d203926dc1bc63a814f007c4bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:99:91:ad:09:a2:e0:22:ec:bc:22:c2:b7:7d:
                    57:43:c3:bb:6b:dc:07:96:9a:ba:4a:60:40:e4:d9:
                    06:7b:f3:7b:ab:40:53:0e:5d:30:b8:55:cd:e8:da:
                    25:91:e8:7f:83:da:3b:70:46:5f:c0:94:d8:9c:64:
                    62:ee:85:1c:6c:f0:f2:54:3e:91:49:8c:05:74:00:
                    6f:12:4a:b4:51:82:b6:df:95:df:0b:fa:ca:55:a9:
                    2e:63:17:19:ae:94:3f:79:2c:5a:4d:f8:58:d1:77:
                    d0:64:ca:fa:e5:fe:b3:50:95:ea:7d:5f:1e:78:b2:
                    0b:72:f4:64:71:be:c2:f7:6a:d8:74:eb:8a:9d:b3:
                    50:2d:12:56:7e:44:b0:e2:f9:3e:bb:5d:9a:c6:f9:
                    4b:5c:e9:e0:13:9a:f8:24:26:b6:05:2f:c3:1f:ae:
                    ad:15:c0:22:f3:16:df:2f:94:1d:7d:9a:bf:1e:cb:
                    d9:35:5a:f1:78:bd:d3:26:61:ba:45:37:38:34:b2:
                    df:d7:47:83:1a:4c:44:ae:8c:0f:f4:4a:ea:24:1f:
                    b0:2d:fe:c1:71:82:90:a5:83:3d:21:c8:67:c8:aa:
                    e6:37:1d:6d:8a:e6:22:9a:c4:05:c4:ea:f6:cf:6c:
                    bb:f8:79:cc:db:99:8f:a6:cb:5a:8b:4d:07:cd:de:
                    be:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0C:34:E9:B0:BD:7D:20:39:26:DC:1B:C6:3A:81:4F:00:7C:4B:B3
            X509v3 Authority Key Identifier:
                keyid:61:B7:20:2C:92:30:C2:89:45:0E:D5:A6:2B:17:36:9A:06:59:BC:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbcgLJIwwolFDtWmKxc2mgZZvGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/ogw06bC9fSA5JtwbxjqBTwB8S7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/61d42d-3b48-468e-9ad9-215fc390bfe4/1/YbcgLJIwwolFDtWmKxc2mgZZvGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.252.0/22
                  185.104.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:54:56:57:6e:43:bf:37:cb:e0:f6:8c:3a:3c:6f:ed:79:07:
         91:6a:8e:ef:6b:82:07:fa:cc:13:a9:e1:51:88:20:a0:83:d8:
         e9:b8:3e:3a:25:36:66:79:6c:17:10:7d:0d:4b:72:6d:95:d3:
         cb:45:40:57:a4:e9:b5:7c:be:93:38:a7:c0:65:cd:09:4b:6e:
         d7:d5:54:43:c1:67:62:cb:f5:30:2c:14:14:9a:e3:b2:1e:eb:
         b2:c3:06:6f:28:09:6d:12:d3:74:c2:4f:0c:45:3f:d0:87:e0:
         88:84:23:c9:a4:ad:f3:9b:5b:37:d8:b3:15:22:59:c5:74:28:
         1d:aa:ff:e3:72:6a:fa:b6:01:4c:81:f4:40:2e:a5:58:47:14:
         90:2e:08:cb:af:d4:ef:c0:bf:5d:c7:f9:c4:82:92:9d:9b:eb:
         fa:68:bd:c7:83:bd:35:0d:af:5f:9d:ac:fb:87:79:80:a1:d6:
         cf:55:70:55:95:90:2a:e0:37:f3:13:2d:fd:23:49:fc:6d:7e:
         82:84:be:e1:ee:65:70:32:38:78:a7:1a:66:6d:f7:ab:a5:32:
         36:06:b4:d6:b2:5f:34:08:d3:55:8a:73:b7:5d:51:d8:88:d3:
         58:44:03:96:5a:5e:44:3b:e7:44:54:c2:8e:31:07:63:a0:e2:
         85:45:07:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY569pjQidzBAhldtl2palIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjcyMDJjOTIzMGMyODk0NTBlZDVhNjJiMTczNjlhMDY1
OWJjNmIwHhcNMjQwMzI2MTMzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjBjMzRlOWIwYmQ3ZDIwMzkyNmRjMWJjNjNhODE0ZjAwN2M0YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJmRrQmi4CLsvCLCt31XQ8O7a9wH
lpq6SmBA5NkGe/N7q0BTDl0wuFXN6Nolkeh/g9o7cEZfwJTYnGRi7oUcbPDyVD6R
SYwFdABvEkq0UYK235XfC/rKVakuYxcZrpQ/eSxaTfhY0XfQZMr65f6zUJXqfV8e
eLILcvRkcb7C92rYdOuKnbNQLRJWfkSw4vk+u12axvlLXOngE5r4JCa2BS/DH66t
FcAi8xbfL5QdfZq/HsvZNVrxeL3TJmG6RTc4NLLf10eDGkxErowP9ErqJB+wLf7B
cYKQpYM9IchnyKrmNx1tiuYimsQFxOr2z2y7+HnM25mPpstai00Hzd6+RQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKIMNOmwvX0gOSbcG8Y6gU8AfEuzMB8GA1UdIwQY
MBaAFGG3ICySMMKJRQ7VpisXNpoGWbxrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJjZ0xKSXd3b2xGRHRXbUt4YzJtZ1padkdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82MWQ0MmQtM2I0OC00NjhlLTlhZDkt
MjE1ZmMzOTBiZmU0LzEvb2d3MDZiQzlmU0E1SnR3YnhqcUJUd0I4UzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82MWQ0MmQtM2I0OC00NjhlLTlhZDktMjE1ZmMzOTBiZmU0
LzEvWWJjZ0xKSXd3b2xGRHRXbUt4YzJtZ1padkdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY38AwQC
uWgoMA0GCSqGSIb3DQEBCwUAA4IBAQCUVFZXbkO/N8vg9ow6PG/teQeRao7va4IH
+swTqeFRiCCgg9jpuD46JTZmeWwXEH0NS3JtldPLRUBXpOm1fL6TOKfAZc0JS27X
1VRDwWdiy/UwLBQUmuOyHuuywwZvKAltEtN0wk8MRT/Qh+CIhCPJpK3zm1s32LMV
IlnFdCgdqv/jcmr6tgFMgfRALqVYRxSQLgjLr9TvwL9dx/nEgpKdm+v6aL3Hg701
Da9fnaz7h3mAodbPVXBVlZAq4DfzEy39I0n8bX6ChL7h7mVwMjh4pxpmbferpTI2
BrTWsl80CNNVinO3XVHYiNNYRAOWWl5EO+dEVMKOMQdjoOKFRQd1
-----END CERTIFICATE-----